Monday, February 07, 2005

imho Critique of Cameron’s Seventh Law


Pointer to blogpost:

Kobielus kommentary:
I don’t think Kim’s seventh law is necessary. I agree with its thrust, but I think it can be resolved to the three identity governance principles I proposed.

First, consider Kim’s wording of his new law:

• “The Law of Harmonious Contextual Autonomy: The unifying identity metasystem MUST facilitate negotiation between relying party and user of the specific identity and its associated encoding such that the unifying system presents a harmonious technical and human interface while permitting the autonomy of identity in different contexts.”

Put more simply, identity environments must not constrain the ability of people and relying parties to arrive at a mutually agreeable handshake on the identities appropriate to particular transactions.

Now, consider the three laws I proposed:

• “Law of identity federation: Domains must be able to establish trust relationships under which they can choose to accept each other’s identity assertions and honor each other’s identity decisions--or reject them--subject to local policies.
• Law of identity assurance: Entities must be able to unambiguously ascertain, resolve, and verify each other’s identities, and reserve the right to refrain from or repudiate interactions in which such assurance is lacking.
• Law of identity self-empowerment: Humans must be able to self-assert their identities, and reveal or conceal as much or little of their identity as they wish, at any time, for any reason, from any other party, for any duration, and also to unilaterally defederate from any domain that deliberately or inadvertently compromises or violates these rights.”

This formulation asserts the critical importance of “local policies”—i.e., those of the identity-owning party and the identity-relying party—to any identity-based interaction. This is the “context” that Cameron, Lewis, Lemon, and others discussed. It needn’t be a “community context.” Rather, reduced to its simplest, it’s the converged interaction-specific contexts of the identity-relying and identity-owning parties.

It’s identity impedance matching:

• Sez the identity-owning party: “Here are the identities I might choose to present to you, the relying party.”
• Sez the identity-relying party: “Here are the identities I might choose to honor from you, the identity-owning party.”

If there’s an intersection between those two sets of identities within the context of a proposed interaction, there’s a basis for further negotiation. Hence a basis for further interaction.


P.S. BTW, do people realize I’m looking for a job? I’m looking for a position in the IdM industry. Are my ideas not sufficient to show that I know what I’m talking about? Please call me. 703-924-6224. AIM screen name: "Jim Kobielus"